I can say that a lot of problems that may seem “unique to openshift” often are less “openshift specific” problems, and more like “locked-down security postures that could happen in any cluster, but are much more likely to show up in openshift clusters”. These include:
- Requiring use of an existing service account instead one created by the KOTS CLI
- Requiring airgap
- Requiring a specific namespace, and that all workloads and service accounts be scoped to that one single namespace
There are, of course, some openshift-specific things that are almost certain to come up
- Requiring containers to run as non-root
- Blocking
privileged
and other flags that open the door to container privilege escalation
In all cases, please ensure you provision and test in an Openshift cluster internally, or you’re certainly in for some surprises on launch day. Start drafting your documentation before you go to install with the customer. Have someone on your team playtest the documentation to make sure they can follow and succeed with it.
As for resources, this won’t be comprehensive, but I’d check out
There are many vendor documentation examples in Help creating Replicated Documentation For end user Kubernetes installs?, and a few openshift-specific deep-links provided below from industry leaders: